Paw 2024 Wrap Up: Key Lessons From Privacy Awareness Week

Published at 13:59 on 26 May 2024

Australia’s Privacy Awareness Week wrapped up on 12 May, but the components of its theme, “Power Up Your Privacy: Transparency, Accountability, and Security,” are important foundational concepts that will remain relevant for the foreseeable future. Digital risks are evolving, the regulatory landscape is becoming more complex, and customers want better protections in place – so for almost all organisations, powering up your privacy should be a non-negotiable throughout 2024. 

With that being said, these are some of the key takeaways from the 2024 PAW event and coverage:

Our Participation In PAW 2024

Throughout the week, we published a host of resources on Privacy 108’s LinkedIn, including: 

Privacy 108 Director Dr Jodie Siganto also focused on the importance of transparency and the link to accountability. Here’s a summary of her thoughts: 

  • Transparency or openness is one of the original privacy principles.
  • Transparency fosters trust, supports accountability, is required as part of securing informed consent and should address the information asymmetry between organsiations collecting and using data and the people whose data is being used.
  • Transparency can be challenging – particularly where it is viewed through a ‘legal contract’ lens.
  • Privacy policies are too long, too hard to understand and often contain vague and superficial language that can obfuscate activities, like over collection and micro-targeting
  • Some of these issues have been considered and will be addressed by likely changes to the Privacy Act
  • The future will continue to present challenges – with the use of AI, the Internet of Things and more pervasive profiling – and it will be important that foundational principles like transparency are used appropriately in response. Let’s see if we can do better with these new challenges to address power imbalances and power up privacy.

Key Takeaways From PAW 2024

AI Assessments

Just this week, AI was thrust back into the spotlight for discrimination. This time, an AI chatbot is reportedly recommending specific neighbourhoods in the US to potential home buyers and renters based on their race. 

We’ve seen organisations (and government bodies) getting into hot water by failing to adequately assess the risks of introducing novel AI products in Australia, too. The Australia Federal Police found itself in front of the OAIC again after it was found to be reviewing Auror footage, an AI-enhanced facial recognition system used by retailers to detect and prevent crime. This was after the Clearview AI scandal. Meanwhile, organisations are adopting AI-enhanced technologies to help with hiring, business strategy, customer service, and more. And many organisations aren’t adequately assessing the risk the AI poses before implementing it. 

We think that the lack of assessment is, in part, due to a lack of knowledge about what to assess. That’s why we developed our AI Impact Assessment Template. This downloadable was the most popular content we shared during Privacy Awareness Week, so if you missed it then, we suggest downloading it now.  

From The Customer’s Perspective

The theme for PAW 2024 applied equally to individuals who took part, as well as organisations. But the government’s messaging was tailored for each, with different action items for individuals versus those provided to companies. 

We thought exploring the customer’s materials could provide some key insights for Australian organisations, and here’s what we discovered: 

  • Australian customers were encouraged to say no by default to more privacy-invasive data collection. This practice may have an impact on your marketing teams and strategy, since the default for the past years has been to collect whatever information is available about your customers. Between more privacy-conscious consumers and regulatory trends around the globe geared towards fining organisations for overcollection, data minimization and privacy-preserving technologies look set to play a key role in privacy risk management in 2024. 
  • Individuals were urged to consider the clarity of a privacy policy whenever personal information is being asked for. The PAW material highlighted that customers should think about what is being asked for and how it will be used before handing over any information. This is a timely reminder for organisations to review existing privacy communications to consider how clearly and effectively privacy-related information is being conveyed. If it’s not easily readable, you should assume customers will have less trust in your organisation (and this may have financial and reputational consequences). 

Marketing Teams, Be Warned: ACMA’s Infringements Are Racking Up

Our team provided some useful resources for marketing professionals as part of our contribution to PAW. Our downloadable for marketing teams focused on the following: 

  • Which laws apply to direct marketers?
  • What is the SPAM Act 2003, including an overview of the law and the consequences of a breach.
  • What direct marketing activities are covered under Australia’s Privacy Act 1988?
  • What’s the Do Not Call Register, and how does it impact direct marketing?

It felt especially timely since we published it around the same time news headlines featured Pizza Hut’s $2.5 million penalty for sending spam. The penalty was imposed after Pizza Hut sent almost 6 million marketing communications without consent and almost 4.4 million marketing messages without any unsubscribe functionality between January and May 2023.

“The public expects more from businesses who are using their data. They have a right not to be sent marketing messages if they haven’t consented or have chosen to unsubscribe.” – ACMA member Samantha Yorke

The press release covering the penalty highlighted that enforcement of the spam unsubscribe rules is a current ACMA compliance priority. So, we direct you to our marketing teams downloadable to learn more about marketing compliance in Australia. 

 

Privacy, security and training. Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.